Authorities in Taiwan have fined the car rental and ride sharing giant iRent after a TechGround investigation revealed that the company had been spilling customers’ data and identity documents onto the open web for months. The fine marks the latest action taken by Taiwanese authorities against tech companies whose lax security has allowed third-party attackers to steal sensitive information from their customers.
The Taiwanese auto conglomerate Hotai Motor is facing fines for failing to adequately protect the data of more than 400,000 customers. The company is believed to have been accepting payments from customers in China through iRent, a subsidiary that provides rental services. In February 2017, two separate fines were issued by Chinese authorities for iRent’s failure to secure customer data properly. The first fine was reportedlyissued after it was discovered that employees had accepted payments without properly encrypting the data. The second fine stemmed from reports of attackers compromising user accounts and illegally accessting their information.
After being fined for mishandling customer data, iRent plans to improve its security measures. The company has already taken steps to ensure that customer data is more securely stored and protected.
The public discipline agencies of the two separate governments seem to be taking an increasingly stern approach towards businesses in their respective capitals. The fines levied for failures to manage properly may discourage companies from making significant mistakes, as they could end up paying a substantial sum for their actions.
There are a number of reasons why digital ministry officials were so quick to act when they learned about the exposed database. First and foremost, iRent had left its customers’ information unprotected for a full week; second, Taiwan is known for its strong cyber security measures; and finally, iRent is a Taiwanese company with ties to the Taiwanese government. This incident highlights one of the challenges companies face when it comes to cyber security: knowing when it’s necessary to call in outside help in order to protect user data.
The millions of customer information in the database was easily accessible to anyone who wanted it. The security of the data was not a priority for the company, and as a result, it was stolen.
The Taiwanese government inspectors found that iRent did not have an adequate security plan in place, which left their database open to attack. Although the company has since made improvements to their security, they are still not immune to potential breaches.
The Taiwan highways division is warning motor transport operators to continue to protect user personal information and also implement corporate social responsibility. This is in order to protect consumer rights. For example, the bureau suggests that operators create policies that mandate users must provide their real names and addresses when subscribing to transportation services, as well as inform them of their legal rights should their personal data be mishandled or abused.
As Taiwan’s vice premier, Cheng Wen-tsan is in a position to make decisions affecting the country’s economy. After the iRent incident, he agreed that the fine against the company was “too light.” He plans to propose a law amendment that would increase fines for companies found to have spilled personal information by ten-fold. This statement shows how important it is for companies to take measures to protect user data, and demonstrates Taiwan’s commitment to protecting its citizens privacy
